Portugal’s National Data Protection Commission (CNPD) recently announced its decision to ban Worldcoin from collecting biometric data, specifically data related to the iris, eyes, and face, for a period of three months. The CNPD justified this restriction by highlighting several key issues. Firstly, it pointed out that Worldcoin lacks a reliable mechanism for verifying the age of its members, leading to the unauthorized collection of data from minors without parental consent. Moreover, the CNPD noted that Worldcoin failed to adequately inform users about certain matters, preventing them from managing their data effectively. These violations of data protection regulations, particularly those concerning biometric data and minors, prompted the CNPD to take urgent action against Worldcoin.
The CNPD’s decision was also influenced by concerns regarding Worldcoin’s compliance with the General Data Protection Regulation (GDPR). The GDPR includes specific provisions designed to safeguard biometric data and protect the rights of minors, both of which were allegedly disregarded by Worldcoin. The CNPD’s President, Paula Meira Lourenço, emphasized the necessity of these measures in upholding public and minor’s rights. However, Worldcoin has vehemently denied any wrongdoing, asserting its full compliance with all relevant laws and regulations. Jannick Preiwisch, Worldcoin Foundation’s data protection officer, stated that the company does not allow minors to register through the ORB platform and expressed surprise at the CNPD’s actions. Preiwisch further highlighted Worldcoin’s commitment to data protection and the implementation of a user-controlled Personal Custody model to enhance data management.
Despite Worldcoin’s assurances of compliance, the CNPD’s ban raises concerns about the company’s data collection practices and its adherence to regulatory standards. The imposition of similar restrictions by Spain further underscores the gravity of the situation and indicates a broader pattern of non-compliance. Worldcoin’s response to these allegations will be crucial in determining its credibility and commitment to data protection. The introduction of the Personal Custody model appears to be a step in the right direction, but the efficacy of this solution remains to be seen. Moving forward, Worldcoin must address the CNPD’s concerns and take proactive measures to ensure transparency, accountability, and respect for users’ privacy rights.